Forum Discussion

Andrew Baker's avatar
Andrew Baker
Copper Contributor
Dec 06, 2017

Skype phones on an on-premise deployment issues

We have suddenly started having issues with our HP 4120s where they start flashing up "Can't download the root certificate" and then the display changes to "An account matching this phone number doesn't exist". I know this account exists as its my skype account and is used daily.

 

When I run Test-CsPhoneBootstrap on an frontend server it can get the certificate okay, it is in fact getting this error:

 

 

Getting web ticket for the given user is failed. Error Code: 28037 , Error Reason: The AppliesTo element of web ticket request points to a different web server or site.

I have checked the technet posts on this issue, and have seen that the Target FQDN and Target URI don't match on their issues which can cause the same issue. 

 

Running Test-CsPhoneBootstrap with the verbose flag gives me this:

 

PS C:\Users\<username>> Test-CsPhoneBootstrap -PhoneOrExtension 1508 -PIN 132456 -verbose
VERBOSE: Workflow Instance Id '3faf6513-5d38-4fd9-8a63-1bae5bbff9dd', started.
VERBOSE: Command line executed is 'Test-CsPhoneBootstrap -PhoneOrExtension 1508 -PIN 132456 -verbose'.


Target Fqdn   : skypepool.contoso.com
Target Uri    : https://skypepool.contoso.com:443/CertProv/CertProvisioningServ
                ice.svc
Result        : Failure
Latency       : 00:00:01.5184809
Error Message : Getting web ticket for the given user is failed. Error Code:
                28037 , Error Reason: The AppliesTo element of web ticket
                request points to a different web server or site.

Diagnosis     :


VERBOSE: Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow' started.
Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow' completed in '2.71E-05' seconds.
Target server Fqdn or web service Url not provided. Will have to do DHCP Registrar Discovery.
An exception 'Getting web ticket for the given user is failed. Error Code: 28037 , Error Reason: The AppliesTo element of web ticket request points to a different web server or site.' occurred during Workflow Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow execution.
Exception Call Stack:    at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.ProcessFaultMessage(MessageFault fault)
   at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetWebTicket()
   at Microsoft.Rtc.SyntheticTransactions.Activities.GetWebTicketActivity.InternalExecute(ActivityExecutionContext executionContext)
   at Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Execute(ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

'DHCPDiscover' activity started.
Starting DHCP registrar discovery...
Constructing a DHCP packet.
Adding DHCP option PARAMETER_REQUEST_LIST.
Successfully added DHCP option.
Adding DHCP option VENDOR_CLASS_IDENTIFIER.
Successfully added DHCP option.
Successfully constructed DHCP packet.
Trying to open an udp connection.
Remote IP : 255.255.255.255.
Local IP : 10.1.3.212.
Creating a new UDP client.
Udp connection successfully created.
Sending packet.
Remote IP : 255.255.255.255.
Remote Port : 67.
Packet sent successfully.
DHCP discovery message send. Waiting for DHCP servers to respond.
Data received successfully.
Remote IP : 10.1.3.100.
Remote Port : 67.
Response received for the DHCP Discovery message.
Constructing a DHCP packet from received raw data.
Extracting DHCP Options.
Successfully constructed DHCP packet.
Return value for DHCP option : SIP_SERVER.
Found registrar Fqdn : skypepool.contoso.com.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1 - MS-UC-Client.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2 - https.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3 - skypepool.contoso.com.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4 - 443.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5 - /CertProv/CertProvisioningService.svc.
Successfully extracted sub option value.
Found web service Url : https://skypepool.contoso.com:443/CertProv/CertProvisioningService.svc.
Disconnecting.
DHCP registrar discovery activity completed successfully.
'DHCPDiscover' activity completed in '1.0110096' seconds.
'GetRootCertChains' activity started.
Trying to download a certificate chain from web service.
Web Service Url : http://skypepool.contoso.com/CertProv/CertProvisioningService.svc
Certificate chain downloaded successfully.
'GetRootCertChains' activity completed in '0.5074713' seconds.
'GetWebTicket' activity started.
Trying to get web ticket.
Web Service Url : https://skypepool.contoso.com:443/WebTicket/WebTicketService.svc
Using PIN authentication with Phone\Ext : 1508 Pin : 132456
Exception: Microsoft.Rtc.Admin.Authentication.CommonAuthException: Getting web ticket for the given user is failed. Error Code: 28037 , Error Reason: The AppliesTo element of web ticket request points to a different web server or site.
   at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.ProcessFaultMessage(MessageFault fault)
   at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetWebTicket()
   at Microsoft.Rtc.SyntheticTransactions.Activities.GetWebTicketActivity.InternalExecute(ActivityExecutionContext executionContext)
Could not get a web ticket
CHECK: 
  - Web service Url is valid and the web services are functional 
   - If using Phone Number\PIN to authenticate, make sure they match the user uri 
   - If using NTLM\Kerberos authentication, make sure you provided valid credentials
Webticket response headers:

X-MS-Server-Fqdn:SFB2FE.contoso.com

X-MS-Correlation-Id:2147483707

client-request-id:b2eaa7fa-3a6a-476f-93c2-6103265ef951

Strict-Transport-Security:max-age=31536000; includeSubDomains

X-Content-Type-Options:nosniff

Content-Length:765

Cache-Control:private

Content-Type:text/xml; charset=utf-8

Date:Wed, 06 Dec 2017 08:34:19 GMT

'UnRegister' activity started.
'UnRegister' activity completed in '1.27E-05' seconds.
VERBOSE: Workflow Instance ID '3faf6513-5d38-4fd9-8a63-1bae5bbff9dd' completed.
VERBOSE: Workflow run-time (sec): 2.1310457.



PS C:\Users\<username>> stop-transcript
**********************
Windows PowerShell transcript end
End time: 20171206083425
**********************

We recently asked for support from our Microsoft Gold Partner who asked us to install an prerequisite that they didn't install whilst setting it up. 

 

https://protect-eu.mimecast.com/s/2mmKBIlA39uq?domain=support.microsoft.com

 

https://protect-eu.mimecast.com/s/6eeaBu1VQwfg?domain=blogs.technet.microsoft.com

 

Is this what potentially be causing us issues or is there something more going on?

 

 

 

devices
On-Premises
Sign-in
No RepliesBe the first to reply